vtquery

package module
v1.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 3, 2018 License: MIT Imports: 10 Imported by: 0

README


vtquery

vtquery is a VirusTotal query library that doesn't use the official API.

Usage

Query a hash and get the result from VirusTotal.

// Build a client with the library's default URL and User-Agent.
client, err := vtquery.NewDefaultClient()
if err != nil {
    log.Fatal(err)
}

// 40 hex characters, i.e. SHA-1 length. Only this string is handed to
// HashQuery; the snippet never reads or uploads the file itself.
digest := "909349d9beeaf08a155bdfc8aadf73d093e545b7"

report, err := client.HashQuery(digest)
if err != nil {
    log.Fatal(err)
}

// Print the decoded report to stdout.
report.ShowReport()

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsValidHash

func IsValidHash(obj string) bool

IsValidHash checks if the argument is a valid MD5, SHA1 or SHA256 hash.

func IsValidURL

func IsValidURL(obj string) bool

IsValidURL checks if the argument is a valid URL scheme.

Types

type AnalysisResult

// AnalysisResult represents the generic analysis result for both hash and URL
// queries. It is the value type of the LastAnalysisResults maps in
// HashQueryResult and URLQueryResult.
//
// Every field is a string decoded from the JSON response. Treat the values as
// untrusted text when printing, logging or storing them.
// NOTE(review): the set of values Category and Method can take is not visible
// here — confirm against real responses before branching on them.
type AnalysisResult struct {
	Category      string `json:"category"`
	EngineName    string `json:"engine_name"`
	EngineUpdate  string `json:"engine_update"`
	EngineVersion string `json:"engine_version"`
	Method        string `json:"method"`
	Result        string `json:"result"`
}

AnalysisResult represents the generic analysis result for both hash and URL queries.

type Client

// Client is the basic client structure for the VirusTotal API.
//
// All three fields are exported, so callers can inspect or replace them after
// construction (for example, to supply their own *http.Client).
// NOTE(review): the timeout and TLS settings that NewClient puts on HTTPClient
// are not visible here — check them before relying on the defaults.
// NOTE(review): presumably URL is the base URL requests are built from and
// DefaultHeader is sent with every request — confirm against the methods.
type Client struct {
	URL           *url.URL
	HTTPClient    *http.Client
	DefaultHeader http.Header
}

Client is the basic client structure for the VirusTotal API.

func NewClient

func NewClient(baseURL, userAgent string, insecure bool) (*Client, error)

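NewClient creates an instance of Client with the given base URL and User-Agent. This page does not document the insecure parameter; if it disables TLS certificate verification, pass false outside of test environments.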

func NewDefaultClient

func NewDefaultClient() (*Client, error)

NewDefaultClient creates a Client instance with the default URL and User-Agent.

func (*Client) HashQuery

func (c *Client) HashQuery(query string) (*HashQueryResult, error)

HashQuery queries VirusTotal for the given hash and returns the result as JSON.

func (*Client) URLQuery

func (c *Client) URLQuery(query string) (*URLQueryResult, error)

URLQuery queries VirusTotal for the given URL/IP and returns the result as JSON.

type HashQueryResult

// HashQueryResult is the file hash analysis result, decoded from JSON.
//
// Attributes carries the file's hashes (md5, sha1, sha256, ssdeep, vhash),
// the per-engine results keyed by a string (LastAnalysisResults), the verdict
// counters (LastAnalysisStats), community votes, submission timestamps and
// file-type metadata (exiftool, magic, trid, rtf_info).
//
// NOTE(review): the *Date fields are int64; presumably Unix timestamps —
// confirm before converting them.
// NOTE(review): if the library decodes with encoding/json defaults, keys in
// the response that have no field here are dropped silently, and sections
// absent from the response (for example rtf_info) stay at their zero value.
// A zero counter therefore does not by itself prove the field was reported.
//
// All strings come from the remote response; treat them as untrusted when
// printing or logging them.
type HashQueryResult struct {
	Attributes struct {
		Exiftool struct {
			FileType          string `json:"FileType"`
			FileTypeExtension string `json:"FileTypeExtension"`
			MIMEType          string `json:"MIMEType"`
		} `json:"exiftool"`
		FirstSubmissionDate int64                     `json:"first_submission_date"`
		LastAnalysisDate    int64                     `json:"last_analysis_date"`
		LastAnalysisResults map[string]AnalysisResult `json:"last_analysis_results"`
		LastAnalysisStats   struct {
			Failure         int `json:"failure"`
			Harmless        int `json:"harmless"`
			Malicious       int `json:"malicious"`
			Suspicious      int `json:"suspicious"`
			Timeout         int `json:"timeout"`
			TypeUnsupported int `json:"type-unsupported"`
			Undetected      int `json:"undetected"`
		} `json:"last_analysis_stats"`
		LastSubmissionDate int64    `json:"last_submission_date"`
		Magic              string   `json:"magic"`
		Md5                string   `json:"md5"`
		Names              []string `json:"names"`
		Reputation         int      `json:"reputation"`
		RtfInfo            struct {
			DocumentProperties struct {
				CustomXMLDataProperties int      `json:"custom_xml_data_properties"`
				DefaultAnsiCodepage     string   `json:"default_ansi_codepage"`
				DefaultCharacterSet     string   `json:"default_character_set"`
				DefaultLanguages        []string `json:"default_languages"`
				DosStubs                int      `json:"dos_stubs"`
				EmbeddedDrawings        int      `json:"embedded_drawings"`
				EmbeddedPictures        int      `json:"embedded_pictures"`
				Generator               string   `json:"generator"`
				LongestHexString        int      `json:"longest_hex_string"`
				NonASCIICharacters      int      `json:"non_ascii_characters"`
				Objects                 []struct {
					Class string `json:"class"`
					Type  string `json:"type"`
				} `json:"objects"`
				ReadOnlyProtection bool   `json:"read_only_protection"`
				RtfHeader          string `json:"rtf_header"`
				UserProtection     bool   `json:"user_protection"`
			} `json:"document_properties"`
		} `json:"rtf_info"`
		Sha1           string   `json:"sha1"`
		Sha256         string   `json:"sha256"`
		Size           int      `json:"size"`
		Ssdeep         string   `json:"ssdeep"`
		Tags           []string `json:"tags"`
		TimesSubmitted int      `json:"times_submitted"`
		TotalVotes     struct {
			Harmless  int `json:"harmless"`
			Malicious int `json:"malicious"`
		} `json:"total_votes"`
		Trid []struct {
			FileType    string  `json:"file_type"`
			Probability float64 `json:"probability"`
		} `json:"trid"`
		TypeDescription string `json:"type_description"`
		TypeTag         string `json:"type_tag"`
		Vhash           string `json:"vhash"`
	} `json:"attributes"`
	ID    string `json:"id"`
	Links struct {
		Self string `json:"self"`
	} `json:"links"`
	Type string `json:"type"`
}

HashQueryResult is the file hash analysis result as JSON.

func (*HashQueryResult) ShowReport

func (hr *HashQueryResult) ShowReport()

ShowReport prints the query result of a file hash to stdout.

type QueryResult

// QueryResult is the interface for results that can print themselves.
// Both *HashQueryResult and *URLQueryResult declare ShowReport() and so
// satisfy it.
type QueryResult interface {
	// ShowReport takes no arguments and returns nothing; the two
	// implementations are documented as printing the result to stdout.
	ShowReport()
}

type RequestOptions

// RequestOptions is the list of options to pass to the request.
//
// NOTE(review): no exported function or method in this package's index takes
// a RequestOptions, so it is presumably consumed by unexported request
// helpers — confirm in the source.
type RequestOptions struct {
	// Params is a map of key-value pairs that will be added to the Request.
	Params map[string]string

	// Body is an io.Reader object that will be streamed or uploaded with the
	// Request. BodyLength is the final size of the Body.
	Body       io.Reader
	BodyLength int64
}

RequestOptions is the list of options to pass to the request.

type Result

// Result is the common data structure for HashQueryResult/URLQueryResult.
//
// Data holds the top-level "data" array as untyped values, so nothing about
// an element's shape is enforced by this type.
// NOTE(review): how elements of Data are converted into the typed result
// structs is not visible here — confirm that an empty or malformed array is
// handled before an element is indexed.
type Result struct {
	Data  []interface{} `json:"data"`
	Links struct {
		Self string `json:"self"`
	} `json:"links"`
}

Result is the common data structure for HashQueryResult/URLQueryResult.

type URLQueryResult

// URLQueryResult is the URL analysis result, decoded from JSON.
//
// Attributes carries the queried URL, the final URL recorded at last analysis
// (LastFinalURL), per-engine results, verdict counters, community votes and
// submission timestamps. Relationships links to the last serving IP address
// and the network location objects.
//
// NOTE(review): Categories declares a single key, "Forcepoint ThreatSeeker".
// If decoding uses encoding/json defaults, categories reported under any
// other key are dropped silently.
// NOTE(review): Tags is []interface{} here but []string in HashQueryResult;
// callers must type-assert each element.
// NOTE(review): the *Date fields are int64; presumably Unix timestamps —
// confirm before converting them.
//
// URL, LastFinalURL and the Links values come from the remote response; treat
// them as untrusted and do not fetch or render them without validation.
type URLQueryResult struct {
	Attributes struct {
		Categories struct {
			ForcepointThreatSeeker string `json:"Forcepoint ThreatSeeker"`
		} `json:"categories"`
		FirstSubmissionDate int64                     `json:"first_submission_date"`
		LastAnalysisDate    int64                     `json:"last_analysis_date"`
		LastAnalysisResults map[string]AnalysisResult `json:"last_analysis_results"`
		LastAnalysisStats   struct {
			Harmless   int `json:"harmless"`
			Malicious  int `json:"malicious"`
			Suspicious int `json:"suspicious"`
			Timeout    int `json:"timeout"`
			Undetected int `json:"undetected"`
		} `json:"last_analysis_stats"`
		LastFinalURL       string        `json:"last_final_url"`
		LastSubmissionDate int64         `json:"last_submission_date"`
		Reputation         int           `json:"reputation"`
		Tags               []interface{} `json:"tags"`
		TimesSubmitted     int           `json:"times_submitted"`
		TotalVotes         struct {
			Harmless  int `json:"harmless"`
			Malicious int `json:"malicious"`
		} `json:"total_votes"`
		URL string `json:"url"`
	} `json:"attributes"`
	ID    string `json:"id"`
	Links struct {
		Self string `json:"self"`
	} `json:"links"`
	Relationships struct {
		LastServingIPAddress struct {
			Data struct {
				ID   string `json:"id"`
				Type string `json:"type"`
			} `json:"data"`
			Links struct {
				Related string `json:"related"`
				Self    string `json:"self"`
			} `json:"links"`
		} `json:"last_serving_ip_address"`
		NetworkLocation struct {
			Data struct {
				ID   string `json:"id"`
				Type string `json:"type"`
			} `json:"data"`
			Links struct {
				Related string `json:"related"`
				Self    string `json:"self"`
			} `json:"links"`
		} `json:"network_location"`
	} `json:"relationships"`
	Type string `json:"type"`
}

URLQueryResult is the URL analysis result as JSON.

func (*URLQueryResult) ShowReport

func (ur *URLQueryResult) ShowReport()

ShowReport prints the query result of a URL to stdout.

Directories

Path Synopsis
